mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
created "passdb.c" which is an interface point to (at present) either
smbpasswd or ldap passwd, at compile-time (-DUSE_LDAP). _none_ of the functions in ldap.c or smbpass.c should be called directly: only those in passdb.c should be used. -DUSE_LDAP is unlikely to compile at the moment.
This commit is contained in:
parent
dfdc9b0b1e
commit
57b01ad4ff
@ -36,12 +36,12 @@ BOOL chat_with_program(char *passwordprogram,char *name,char *chatsequence, BOOL
|
||||
BOOL chgpasswd(char *name,char *oldpass,char *newpass, BOOL as_root);
|
||||
BOOL chgpasswd(char *name,char *oldpass,char *newpass, BOOL as_root);
|
||||
BOOL check_lanman_password(char *user, unsigned char *pass1,
|
||||
unsigned char *pass2, struct smb_passwd **psmbpw);
|
||||
BOOL change_lanman_password(struct smb_passwd *smbpw, unsigned char *pass1, unsigned char *pass2);
|
||||
unsigned char *pass2, struct smb_passwd **psampw);
|
||||
BOOL change_lanman_password(struct smb_passwd *sampw, unsigned char *pass1, unsigned char *pass2);
|
||||
BOOL check_oem_password(char *user, unsigned char *data,
|
||||
struct smb_passwd **psmbpw, char *new_passwd,
|
||||
struct smb_passwd **psampw, char *new_passwd,
|
||||
int new_passwd_size);
|
||||
BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, BOOL override);
|
||||
BOOL change_oem_password(struct smb_passwd *sampw, char *new_passwd, BOOL override);
|
||||
|
||||
/*The following definitions come from client.c */
|
||||
|
||||
@ -1558,6 +1558,18 @@ BOOL pm_process( char *FileName,
|
||||
BOOL (*sfunc)(char *),
|
||||
BOOL (*pfunc)(char *, char *) );
|
||||
|
||||
/*The following definitions come from passdb.c */
|
||||
|
||||
struct smb_passwd *getsampwnam(char *name);
|
||||
struct smb_passwd *getsampwuid(unsigned int uid);
|
||||
void *startsampwent(BOOL update);
|
||||
void endsampwent(void *vp);
|
||||
struct smb_passwd *getsampwent(void *vp);
|
||||
unsigned long getsampwpos(void *vp);
|
||||
BOOL setsampwpos(void *vp, unsigned long tok);
|
||||
BOOL add_sampwd_entry(struct smb_passwd *newpwd);
|
||||
BOOL mod_sampwd_entry(struct smb_passwd* pwd, BOOL override);
|
||||
|
||||
/*The following definitions come from password.c */
|
||||
|
||||
void generate_next_challenge(char *challenge);
|
||||
|
@ -201,7 +201,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
|
||||
strcpy(reply_name,"\\\\"); /* Here it wants \\LOGONSERVER. */
|
||||
strcpy(reply_name+2,my_name);
|
||||
|
||||
smb_pass = getsmbpwnam(ascuser);
|
||||
smb_pass = getsampwnam(ascuser);
|
||||
|
||||
if(!smb_pass )
|
||||
{
|
||||
|
@ -475,7 +475,7 @@ static void ldap_get_machine(LDAP *ldap_struct,LDAPMessage *entry,
|
||||
/*******************************************************************
|
||||
find a user or a machine return a smbpass struct.
|
||||
******************************************************************/
|
||||
struct smb_passwd *ldap_get_smbpwd_entry(char *name, int smb_userid)
|
||||
static struct smb_passwd *ldap_get_smbpwd_entry(char *name, int smb_userid)
|
||||
{
|
||||
LDAP *ldap_struct;
|
||||
LDAPMessage *result;
|
||||
@ -560,4 +560,24 @@ struct smb_passwd *ldap_get_smbpwd_entry(char *name, int smb_userid)
|
||||
|
||||
return(&ldap_passwd);
|
||||
}
|
||||
|
||||
/************************************************************************
|
||||
Routine to search ldap passwd by name.
|
||||
*************************************************************************/
|
||||
|
||||
struct smb_passwd *getldappwnam(char *name)
|
||||
{
|
||||
return ldap_get_smbpwd_entry(name, 0);
|
||||
}
|
||||
|
||||
/************************************************************************
|
||||
Routine to search ldap passwd by uid.
|
||||
*************************************************************************/
|
||||
|
||||
struct smb_passwd *getldappwuid(unsigned int uid)
|
||||
{
|
||||
return ldap_get_smbpwd_entry(NULL, uid);
|
||||
}
|
||||
|
||||
|
||||
#endif
|
||||
|
149
source/passdb/passdb.c
Normal file
149
source/passdb/passdb.c
Normal file
@ -0,0 +1,149 @@
|
||||
/*
|
||||
Unix SMB/Netbios implementation.
|
||||
Version 1.9.
|
||||
Password and authentication handling
|
||||
Copyright (C) Andrew Tridgell 1992-1998
|
||||
Copyright (C) Luke Kenneth Casson Leighton 1996-1998
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
extern int DEBUGLEVEL;
|
||||
|
||||
/************************************************************************
|
||||
Routine to search sam passwd by name.
|
||||
*************************************************************************/
|
||||
|
||||
struct smb_passwd *getsampwnam(char *name)
|
||||
{
|
||||
#ifdef USE_LDAP
|
||||
return getldappwnam(name);
|
||||
#else
|
||||
return getsmbpwnam(name);
|
||||
#endif /* USE_LDAP */
|
||||
}
|
||||
|
||||
/************************************************************************
|
||||
Routine to search sam passwd by uid.
|
||||
*************************************************************************/
|
||||
|
||||
struct smb_passwd *getsampwuid(unsigned int uid)
|
||||
{
|
||||
#ifdef USE_LDAP
|
||||
return getldappwuid(uid);
|
||||
#else
|
||||
return getsmbpwuid(uid);
|
||||
#endif /* USE_LDAP */
|
||||
}
|
||||
|
||||
/***************************************************************
|
||||
Start to enumerate the sam passwd list. Returns a void pointer
|
||||
to ensure no modification outside this module.
|
||||
****************************************************************/
|
||||
|
||||
void *startsampwent(BOOL update)
|
||||
{
|
||||
#ifdef USE_LDAP
|
||||
return startldappwent(update);
|
||||
#else
|
||||
return startsmbpwent(update);
|
||||
#endif /* USE_LDAP */
|
||||
}
|
||||
|
||||
/***************************************************************
|
||||
End enumeration of the sam passwd list.
|
||||
****************************************************************/
|
||||
|
||||
void endsampwent(void *vp)
|
||||
{
|
||||
#ifdef USE_LDAP
|
||||
endldappwent(vp);
|
||||
#else
|
||||
endsmbpwent(vp);
|
||||
#endif /* USE_LDAP */
|
||||
}
|
||||
|
||||
/*************************************************************************
|
||||
Routine to return the next entry in the sam passwd list.
|
||||
*************************************************************************/
|
||||
|
||||
struct smb_passwd *getsampwent(void *vp)
|
||||
{
|
||||
#ifdef USE_LDAP
|
||||
return getldappwent(vp);
|
||||
#else
|
||||
return getsmbpwent(vp);
|
||||
#endif /* USE_LDAP */
|
||||
}
|
||||
|
||||
/*************************************************************************
|
||||
Return the current position in the sam passwd list as an unsigned long.
|
||||
This must be treated as an opaque token.
|
||||
*************************************************************************/
|
||||
unsigned long getsampwpos(void *vp)
|
||||
{
|
||||
#ifdef USE_LDAP
|
||||
return getldappwpos(vp);
|
||||
#else
|
||||
return getsmbpwpos(vp);
|
||||
#endif /* USE_LDAP */
|
||||
}
|
||||
|
||||
/*************************************************************************
|
||||
Set the current position in the sam passwd list from unsigned long.
|
||||
This must be treated as an opaque token.
|
||||
*************************************************************************/
|
||||
BOOL setsampwpos(void *vp, unsigned long tok)
|
||||
{
|
||||
#ifdef USE_LDAP
|
||||
return setldappwpos(vp, tok);
|
||||
#else
|
||||
return setsmbpwpos(vp, tok);
|
||||
#endif /* USE_LDAP */
|
||||
}
|
||||
|
||||
/************************************************************************
|
||||
Routine to add an entry to the sam passwd file.
|
||||
*************************************************************************/
|
||||
|
||||
BOOL add_sampwd_entry(struct smb_passwd *newpwd)
|
||||
{
|
||||
#ifdef USE_LDAP
|
||||
return add_ldappwd_entry(newpwd);
|
||||
#else
|
||||
return add_smbpwd_entry(newpwd);
|
||||
#endif /* USE_LDAP */
|
||||
}
|
||||
|
||||
/************************************************************************
|
||||
Routine to search the sam passwd file for an entry matching the username.
|
||||
and then modify its password entry. We can't use the startsampwent()/
|
||||
getsampwent()/endsampwent() interfaces here as we depend on looking
|
||||
in the actual file to decide how much room we have to write data.
|
||||
override = False, normal
|
||||
override = True, override XXXXXXXX'd out password or NO PASS
|
||||
************************************************************************/
|
||||
|
||||
BOOL mod_sampwd_entry(struct smb_passwd* pwd, BOOL override)
|
||||
{
|
||||
#ifdef USE_LDAP
|
||||
return mod_ldappwd_entry(pwd, override);
|
||||
#else
|
||||
return mod_smbpwd_entry(pwd, override);
|
||||
#endif /* USE_LDAP */
|
||||
}
|
||||
|
@ -17,6 +17,17 @@
|
||||
* Mass Ave, Cambridge, MA 02139, USA.
|
||||
*/
|
||||
|
||||
/*X*X*X*X*X*X*X**X*X*X*X*X*X*X**X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*
|
||||
*X*X*X*X*X*X*X**X*X*X*X*X*X*X**X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*
|
||||
*X*X*X*X*X*X*X**X*X*X*X*X*X*X**X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*
|
||||
|
||||
DO NOT CALL ANY OF THE ROUTINES IN THIS MODULE DIRECTLY.
|
||||
USE passdb.c INSTEAD.
|
||||
|
||||
*X*X*X*X*X*X*X**X*X*X*X*X*X*X**X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*
|
||||
*X*X*X*X*X*X*X**X*X*X*X*X*X*X**X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*
|
||||
*X*X*X*X*X*X*X**X*X*X*X*X*X*X**X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
extern int DEBUGLEVEL;
|
||||
@ -112,7 +123,10 @@ static BOOL pw_file_unlock(int fd, int *plock_depth)
|
||||
/***************************************************************
|
||||
Start to enumerate the smbpasswd list. Returns a void pointer
|
||||
to ensure no modification outside this module.
|
||||
****************************************************************/
|
||||
|
||||
do not call this function directly. use passdb.c instead.
|
||||
|
||||
****************************************************************/
|
||||
|
||||
void *startsmbpwent(BOOL update)
|
||||
{
|
||||
@ -192,6 +206,9 @@ static int gethexpwd(char *p, char *pwd)
|
||||
|
||||
/*************************************************************************
|
||||
Routine to return the next entry in the smbpasswd list.
|
||||
|
||||
do not call this function directly. use passdb.c instead.
|
||||
|
||||
*************************************************************************/
|
||||
|
||||
struct smb_passwd *getsmbpwent(void *vp)
|
||||
@ -482,8 +499,10 @@ struct smb_passwd *getsmbpwent(void *vp)
|
||||
/*************************************************************************
|
||||
Return the current position in the smbpasswd list as an unsigned long.
|
||||
This must be treated as an opaque token.
|
||||
*************************************************************************/
|
||||
|
||||
do not call this function directly. use passdb.c instead.
|
||||
|
||||
*************************************************************************/
|
||||
unsigned long getsmbpwpos(void *vp)
|
||||
{
|
||||
return (unsigned long)ftell((FILE *)vp);
|
||||
@ -492,8 +511,10 @@ unsigned long getsmbpwpos(void *vp)
|
||||
/*************************************************************************
|
||||
Set the current position in the smbpasswd list from unsigned long.
|
||||
This must be treated as an opaque token.
|
||||
*************************************************************************/
|
||||
|
||||
do not call this function directly. use passdb.c instead.
|
||||
|
||||
*************************************************************************/
|
||||
BOOL setsmbpwpos(void *vp, unsigned long tok)
|
||||
{
|
||||
return !fseek((FILE *)vp, tok, SEEK_SET);
|
||||
@ -503,7 +524,6 @@ BOOL setsmbpwpos(void *vp, unsigned long tok)
|
||||
Routine to search the smbpasswd file for an entry matching the username
|
||||
or user id. if the name is NULL, then the smb_uid is used instead.
|
||||
*************************************************************************/
|
||||
|
||||
static struct smb_passwd *get_smbpwd_entry(char *name, int smb_userid)
|
||||
{
|
||||
struct smb_passwd *pwd = NULL;
|
||||
@ -549,31 +569,25 @@ static struct smb_passwd *get_smbpwd_entry(char *name, int smb_userid)
|
||||
}
|
||||
|
||||
/************************************************************************
|
||||
Routine to search smbpasswd by name.
|
||||
Routine to search smb passwd by name.
|
||||
*************************************************************************/
|
||||
|
||||
struct smb_passwd *getsmbpwnam(char *name)
|
||||
{
|
||||
#ifdef USE_LDAP
|
||||
return ldap_get_smbpwd_entry(name, 0);
|
||||
#else /* USE_LDAP */
|
||||
return get_smbpwd_entry(name, 0);
|
||||
#endif /* USE_LDAP */
|
||||
}
|
||||
|
||||
|
||||
/************************************************************************
|
||||
Routine to search smbpasswd by uid.
|
||||
Routine to search smb passwd by uid.
|
||||
*************************************************************************/
|
||||
|
||||
struct smb_passwd *getsmbpwuid(unsigned int uid)
|
||||
{
|
||||
#ifdef USE_LDAP
|
||||
return ldap_get_smbpwd_entry(NULL, uid);
|
||||
#else /* USE_DLAP */
|
||||
return get_smbpwd_entry(NULL, uid);
|
||||
#endif /* USE_LDAP */
|
||||
}
|
||||
|
||||
|
||||
/**********************************************************
|
||||
Encode the account control bits into a string.
|
||||
**********************************************************/
|
||||
@ -585,24 +599,15 @@ char *encode_acct_ctrl(uint16 acct_ctrl)
|
||||
|
||||
*p++ = '[';
|
||||
|
||||
if(acct_ctrl & ACB_HOMDIRREQ)
|
||||
*p++ = 'H';
|
||||
if(acct_ctrl & ACB_TEMPDUP)
|
||||
*p++ = 'T';
|
||||
if(acct_ctrl & ACB_NORMAL)
|
||||
*p++ = 'U';
|
||||
if(acct_ctrl & ACB_MNS)
|
||||
*p++ = 'M';
|
||||
if(acct_ctrl & ACB_WSTRUST)
|
||||
*p++ = 'W';
|
||||
if(acct_ctrl & ACB_SVRTRUST)
|
||||
*p++ = 'S';
|
||||
if(acct_ctrl & ACB_AUTOLOCK)
|
||||
*p++ = 'L';
|
||||
if(acct_ctrl & ACB_PWNOEXP)
|
||||
*p++ = 'X';
|
||||
if(acct_ctrl & ACB_DOMTRUST)
|
||||
*p++ = 'I';
|
||||
if (acct_ctrl & ACB_HOMDIRREQ) *p++ = 'H';
|
||||
if (acct_ctrl & ACB_TEMPDUP ) *p++ = 'T';
|
||||
if (acct_ctrl & ACB_NORMAL ) *p++ = 'U';
|
||||
if (acct_ctrl & ACB_MNS ) *p++ = 'M';
|
||||
if (acct_ctrl & ACB_WSTRUST ) *p++ = 'W';
|
||||
if (acct_ctrl & ACB_SVRTRUST ) *p++ = 'S';
|
||||
if (acct_ctrl & ACB_AUTOLOCK ) *p++ = 'L';
|
||||
if (acct_ctrl & ACB_PWNOEXP ) *p++ = 'X';
|
||||
if (acct_ctrl & ACB_DOMTRUST ) *p++ = 'I';
|
||||
|
||||
*p++ = ']';
|
||||
*p = '\0';
|
||||
@ -611,6 +616,9 @@ char *encode_acct_ctrl(uint16 acct_ctrl)
|
||||
|
||||
/************************************************************************
|
||||
Routine to add an entry to the smbpasswd file.
|
||||
|
||||
do not call this function directly. use passdb.c instead.
|
||||
|
||||
*************************************************************************/
|
||||
|
||||
BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
|
||||
@ -742,6 +750,9 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n",
|
||||
in the actual file to decide how much room we have to write data.
|
||||
override = False, normal
|
||||
override = True, override XXXXXXXX'd out password or NO PASS
|
||||
|
||||
do not call this function directly. use passdb.c instead.
|
||||
|
||||
************************************************************************/
|
||||
|
||||
BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
|
||||
|
@ -237,7 +237,7 @@ static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct)
|
||||
}
|
||||
|
||||
become_root(True);
|
||||
smb_pass = getsmbpwnam(mach_acct);
|
||||
smb_pass = getsampwnam(mach_acct);
|
||||
unbecome_root(True);
|
||||
|
||||
if (smb_pass != NULL)
|
||||
@ -377,48 +377,50 @@ static void api_net_srv_pwset( int uid,
|
||||
|
||||
/* checks and updates credentials. creates reply credentials */
|
||||
if (deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred),
|
||||
&(q_a.clnt_id.cred), &srv_cred))
|
||||
&(q_a.clnt_id.cred), &srv_cred))
|
||||
{
|
||||
memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred));
|
||||
|
||||
DEBUG(5,("api_net_srv_pwset: %d\n", __LINE__));
|
||||
|
||||
pstrcpy(mach_acct, unistrn2(q_a.clnt_id.login.uni_acct_name.buffer,
|
||||
q_a.clnt_id.login.uni_acct_name.uni_str_len));
|
||||
pstrcpy(mach_acct, unistrn2(q_a.clnt_id.login.uni_acct_name.buffer,
|
||||
q_a.clnt_id.login.uni_acct_name.uni_str_len));
|
||||
|
||||
DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct));
|
||||
DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct));
|
||||
|
||||
become_root(True);
|
||||
smb_pass = getsmbpwnam(mach_acct);
|
||||
unbecome_root(True);
|
||||
become_root(True);
|
||||
smb_pass = getsampwnam(mach_acct);
|
||||
unbecome_root(True);
|
||||
|
||||
if (smb_pass != NULL)
|
||||
{
|
||||
unsigned char pwd[16];
|
||||
int i;
|
||||
unsigned char pwd[16];
|
||||
int i;
|
||||
|
||||
DEBUG(100,("Server password set : new given value was :\n"));
|
||||
for(i = 0; i < 16; i++)
|
||||
DEBUG(100,("%02X ", q_a.pwd[i]));
|
||||
DEBUG(100,("\n"));
|
||||
DEBUG(100,("Server password set : new given value was :\n"));
|
||||
for(i = 0; i < 16; i++)
|
||||
{
|
||||
DEBUG(100,("%02X ", q_a.pwd[i]));
|
||||
}
|
||||
DEBUG(100,("\n"));
|
||||
|
||||
cred_hash3( pwd, q_a.pwd, vuser->dc.sess_key, 0);
|
||||
cred_hash3( pwd, q_a.pwd, vuser->dc.sess_key, 0);
|
||||
|
||||
/* lies! nt and lm passwords are _not_ the same: don't care */
|
||||
smb_pass->smb_passwd = pwd;
|
||||
smb_pass->smb_nt_passwd = pwd;
|
||||
smb_pass->acct_ctrl = ACB_WSTRUST;
|
||||
/* lies! nt and lm passwords are _not_ the same: don't care */
|
||||
smb_pass->smb_passwd = pwd;
|
||||
smb_pass->smb_nt_passwd = pwd;
|
||||
smb_pass->acct_ctrl = ACB_WSTRUST;
|
||||
|
||||
become_root(True);
|
||||
ret = mod_smbpwd_entry(smb_pass,False);
|
||||
unbecome_root(True);
|
||||
become_root(True);
|
||||
ret = mod_sampwd_entry(smb_pass,False);
|
||||
unbecome_root(True);
|
||||
|
||||
if (ret)
|
||||
{
|
||||
/* hooray! */
|
||||
status = 0x0;
|
||||
}
|
||||
}
|
||||
if (ret)
|
||||
{
|
||||
/* hooray! */
|
||||
status = 0x0;
|
||||
}
|
||||
}
|
||||
|
||||
DEBUG(5,("api_net_srv_pwset: %d\n", __LINE__));
|
||||
|
||||
@ -629,7 +631,7 @@ static void api_net_sam_logon( int uid,
|
||||
DEBUG(3,("User:[%s]\n", samlogon_user));
|
||||
|
||||
become_root(True);
|
||||
smb_pass = getsmbpwnam(samlogon_user);
|
||||
smb_pass = getsampwnam(samlogon_user);
|
||||
unbecome_root(True);
|
||||
|
||||
if (smb_pass == NULL)
|
||||
|
@ -38,7 +38,7 @@ extern rid_name domain_alias_rids[];
|
||||
dynamically returns the correct user info..... JRA.
|
||||
********************************************************************/
|
||||
|
||||
static BOOL get_smbpwd_entries(SAM_USER_INFO_21 *pw_buf,
|
||||
static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
|
||||
int *total_entries, int *num_entries,
|
||||
int max_num_entries,
|
||||
uint16 acb_mask)
|
||||
@ -51,14 +51,14 @@ static BOOL get_smbpwd_entries(SAM_USER_INFO_21 *pw_buf,
|
||||
|
||||
if (pw_buf == NULL) return False;
|
||||
|
||||
vp = startsmbpwent(False);
|
||||
vp = startsampwent(False);
|
||||
if (!vp)
|
||||
{
|
||||
DEBUG(0, ("get_smbpwd_entries: Unable to open SMB password file.\n"));
|
||||
DEBUG(0, ("get_sampwd_entries: Unable to open SMB password file.\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
while (((pwd = getsmbpwent(vp)) != NULL) && (*num_entries) < max_num_entries)
|
||||
while (((pwd = getsampwent(vp)) != NULL) && (*num_entries) < max_num_entries)
|
||||
{
|
||||
int user_name_len = strlen(pwd->smb_name);
|
||||
make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len-1);
|
||||
@ -75,7 +75,7 @@ static BOOL get_smbpwd_entries(SAM_USER_INFO_21 *pw_buf,
|
||||
|
||||
pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl;
|
||||
|
||||
DEBUG(5, ("get_smbpwd_entries: idx: %d user %s, uid %d, acb %x",
|
||||
DEBUG(5, ("get_sampwd_entries: idx: %d user %s, uid %d, acb %x",
|
||||
(*num_entries), pwd->smb_name, pwd->smb_userid, pwd->acct_ctrl));
|
||||
|
||||
if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask))
|
||||
@ -91,7 +91,7 @@ static BOOL get_smbpwd_entries(SAM_USER_INFO_21 *pw_buf,
|
||||
(*total_entries)++;
|
||||
}
|
||||
|
||||
endsmbpwent(vp);
|
||||
endsampwent(vp);
|
||||
|
||||
return (*num_entries) > 0;
|
||||
}
|
||||
@ -295,7 +295,7 @@ static void samr_reply_enum_dom_users(SAMR_Q_ENUM_DOM_USERS *q_u,
|
||||
DEBUG(5,("samr_reply_enum_dom_users: %d\n", __LINE__));
|
||||
|
||||
become_root(True);
|
||||
got_pwds = get_smbpwd_entries(pass, &total_entries, &num_entries, MAX_SAM_ENTRIES, q_u->acb_mask);
|
||||
got_pwds = get_sampwd_entries(pass, &total_entries, &num_entries, MAX_SAM_ENTRIES, q_u->acb_mask);
|
||||
unbecome_root(True);
|
||||
|
||||
make_samr_r_enum_dom_users(&r_e, total_entries,
|
||||
@ -466,7 +466,7 @@ static void samr_reply_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_u,
|
||||
#ifndef USE_LDAP
|
||||
become_root(True);
|
||||
|
||||
got_pwds = get_smbpwd_entries(pass, &total_entries, &num_entries, MAX_SAM_ENTRIES, 0);
|
||||
got_pwds = get_sampwd_entries(pass, &total_entries, &num_entries, MAX_SAM_ENTRIES, 0);
|
||||
|
||||
unbecome_root(True);
|
||||
#endif /* USE_LDAP */
|
||||
@ -633,7 +633,7 @@ static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u,
|
||||
|
||||
/* find the user account */
|
||||
become_root(True);
|
||||
smb_pass = get_smbpwd_entry(user_name, 0);
|
||||
smb_pass = get_sampwd_entry(user_name, 0);
|
||||
unbecome_root(True);
|
||||
|
||||
if (smb_pass == NULL)
|
||||
@ -825,7 +825,7 @@ static void samr_reply_open_user(SAMR_Q_OPEN_USER *q_u,
|
||||
}
|
||||
|
||||
become_root(True);
|
||||
smb_pass = getsmbpwuid(q_u->user_rid);
|
||||
smb_pass = getsampwuid(q_u->user_rid);
|
||||
unbecome_root(True);
|
||||
|
||||
/* check that the RID exists in our domain. */
|
||||
@ -896,7 +896,7 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid)
|
||||
struct smb_passwd *smb_pass;
|
||||
|
||||
become_root(True);
|
||||
smb_pass = getsmbpwuid(rid);
|
||||
smb_pass = getsampwuid(rid);
|
||||
unbecome_root(True);
|
||||
|
||||
if (smb_pass == NULL)
|
||||
@ -1117,7 +1117,7 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
|
||||
if (status == 0x0)
|
||||
{
|
||||
become_root(True);
|
||||
smb_pass = getsmbpwuid(rid);
|
||||
smb_pass = getsampwuid(rid);
|
||||
unbecome_root(True);
|
||||
|
||||
if (smb_pass == NULL)
|
||||
@ -1213,7 +1213,7 @@ static void api_samr_unknown_32( int uid, prs_struct *data, prs_struct *rdata)
|
||||
q_u.uni_mach_acct.uni_str_len));
|
||||
|
||||
become_root(True);
|
||||
smb_pass = getsmbpwnam(mach_acct);
|
||||
smb_pass = getsampwnam(mach_acct);
|
||||
unbecome_root(True);
|
||||
|
||||
if (smb_pass != NULL)
|
||||
|
@ -406,7 +406,7 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
|
||||
|
||||
/* ok, it's a user. find the user account */
|
||||
become_root(True);
|
||||
smb_pass = getsmbpwuid(rid); /* lkclXXXX SHOULD use rid mapping here! */
|
||||
smb_pass = getsampwuid(rid); /* lkclXXXX SHOULD use rid mapping here! */
|
||||
unbecome_root(True);
|
||||
|
||||
if (smb_pass != NULL)
|
||||
@ -468,7 +468,7 @@ uint32 lookup_user_rid(char *user_name, uint32 *rid)
|
||||
|
||||
/* find the user account */
|
||||
become_root(True);
|
||||
smb_pass = getsmbpwnam(user_name);
|
||||
smb_pass = getsampwnam(user_name);
|
||||
unbecome_root(True);
|
||||
|
||||
if (smb_pass != NULL)
|
||||
|
@ -440,56 +440,56 @@ BOOL chgpasswd(char *name,char *oldpass,char *newpass, BOOL as_root)
|
||||
************************************************************/
|
||||
|
||||
BOOL check_lanman_password(char *user, unsigned char *pass1,
|
||||
unsigned char *pass2, struct smb_passwd **psmbpw)
|
||||
unsigned char *pass2, struct smb_passwd **psampw)
|
||||
{
|
||||
unsigned char unenc_new_pw[16];
|
||||
unsigned char unenc_old_pw[16];
|
||||
unsigned char null_pw[16];
|
||||
struct smb_passwd *smbpw;
|
||||
struct smb_passwd *sampw;
|
||||
|
||||
*psmbpw = NULL;
|
||||
*psampw = NULL;
|
||||
|
||||
become_root(0);
|
||||
smbpw = getsmbpwnam(user);
|
||||
sampw = getsampwnam(user);
|
||||
unbecome_root(0);
|
||||
|
||||
if(smbpw == NULL)
|
||||
if(sampw == NULL)
|
||||
{
|
||||
DEBUG(0,("check_lanman_password: getsmbpwnam returned NULL\n"));
|
||||
DEBUG(0,("check_lanman_password: getsampwnam returned NULL\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
if(smbpw->acct_ctrl & ACB_DISABLED)
|
||||
if(sampw->acct_ctrl & ACB_DISABLED)
|
||||
{
|
||||
DEBUG(0,("check_lanman_password: account %s disabled.\n", user));
|
||||
return False;
|
||||
}
|
||||
|
||||
if((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
|
||||
if((sampw->smb_passwd == NULL) && (sampw->acct_ctrl & ACB_PWNOTREQ))
|
||||
{
|
||||
unsigned char no_pw[14];
|
||||
memset(no_pw, '\0', 14);
|
||||
E_P16((uchar *)no_pw, (uchar *)null_pw);
|
||||
smbpw->smb_passwd = null_pw;
|
||||
} else if (smbpw->smb_passwd == NULL) {
|
||||
sampw->smb_passwd = null_pw;
|
||||
} else if (sampw->smb_passwd == NULL) {
|
||||
DEBUG(0,("check_lanman_password: no lanman password !\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
/* Get the new lanman hash. */
|
||||
D_P16(smbpw->smb_passwd, pass2, unenc_new_pw);
|
||||
D_P16(sampw->smb_passwd, pass2, unenc_new_pw);
|
||||
|
||||
/* Use this to get the old lanman hash. */
|
||||
D_P16(unenc_new_pw, pass1, unenc_old_pw);
|
||||
|
||||
/* Check that the two old passwords match. */
|
||||
if(memcmp(smbpw->smb_passwd, unenc_old_pw, 16))
|
||||
if(memcmp(sampw->smb_passwd, unenc_old_pw, 16))
|
||||
{
|
||||
DEBUG(0,("check_lanman_password: old password doesn't match.\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
*psmbpw = smbpw;
|
||||
*psampw = sampw;
|
||||
return True;
|
||||
}
|
||||
|
||||
@ -499,44 +499,44 @@ BOOL check_lanman_password(char *user, unsigned char *pass1,
|
||||
no longer be valid.
|
||||
************************************************************/
|
||||
|
||||
BOOL change_lanman_password(struct smb_passwd *smbpw, unsigned char *pass1, unsigned char *pass2)
|
||||
BOOL change_lanman_password(struct smb_passwd *sampw, unsigned char *pass1, unsigned char *pass2)
|
||||
{
|
||||
unsigned char unenc_new_pw[16];
|
||||
unsigned char null_pw[16];
|
||||
BOOL ret;
|
||||
|
||||
if(smbpw == NULL)
|
||||
if(sampw == NULL)
|
||||
{
|
||||
DEBUG(0,("change_lanman_password: no smb password entry.\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
if(smbpw->acct_ctrl & ACB_DISABLED)
|
||||
if(sampw->acct_ctrl & ACB_DISABLED)
|
||||
{
|
||||
DEBUG(0,("change_lanman_password: account %s disabled.\n", smbpw->smb_name));
|
||||
DEBUG(0,("change_lanman_password: account %s disabled.\n", sampw->smb_name));
|
||||
return False;
|
||||
}
|
||||
|
||||
if((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
|
||||
if((sampw->smb_passwd == NULL) && (sampw->acct_ctrl & ACB_PWNOTREQ))
|
||||
{
|
||||
unsigned char no_pw[14];
|
||||
memset(no_pw, '\0', 14);
|
||||
E_P16((uchar *)no_pw, (uchar *)null_pw);
|
||||
smbpw->smb_passwd = null_pw;
|
||||
} else if (smbpw->smb_passwd == NULL) {
|
||||
sampw->smb_passwd = null_pw;
|
||||
} else if (sampw->smb_passwd == NULL) {
|
||||
DEBUG(0,("change_lanman_password: no lanman password !\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
/* Get the new lanman hash. */
|
||||
D_P16(smbpw->smb_passwd, pass2, unenc_new_pw);
|
||||
D_P16(sampw->smb_passwd, pass2, unenc_new_pw);
|
||||
|
||||
smbpw->smb_passwd = unenc_new_pw;
|
||||
smbpw->smb_nt_passwd = NULL; /* We lose the NT hash. Sorry. */
|
||||
sampw->smb_passwd = unenc_new_pw;
|
||||
sampw->smb_nt_passwd = NULL; /* We lose the NT hash. Sorry. */
|
||||
|
||||
/* Now write it into the file. */
|
||||
become_root(0);
|
||||
ret = mod_smbpwd_entry(smbpw,False);
|
||||
ret = mod_sampwd_entry(sampw,False);
|
||||
unbecome_root(0);
|
||||
|
||||
return ret;
|
||||
@ -547,10 +547,10 @@ BOOL change_lanman_password(struct smb_passwd *smbpw, unsigned char *pass1, unsi
|
||||
************************************************************/
|
||||
|
||||
BOOL check_oem_password(char *user, unsigned char *data,
|
||||
struct smb_passwd **psmbpw, char *new_passwd,
|
||||
struct smb_passwd **psampw, char *new_passwd,
|
||||
int new_passwd_size)
|
||||
{
|
||||
struct smb_passwd *smbpw = NULL;
|
||||
struct smb_passwd *sampw = NULL;
|
||||
int new_pw_len;
|
||||
fstring upper_case_new_passwd;
|
||||
unsigned char new_p16[16];
|
||||
@ -558,28 +558,28 @@ BOOL check_oem_password(char *user, unsigned char *data,
|
||||
unsigned char null_pw[16];
|
||||
|
||||
become_root(0);
|
||||
*psmbpw = smbpw = getsmbpwnam(user);
|
||||
*psampw = sampw = getsampwnam(user);
|
||||
unbecome_root(0);
|
||||
|
||||
if(smbpw == NULL)
|
||||
if(sampw == NULL)
|
||||
{
|
||||
DEBUG(0,("check_oem_password: getsmbpwnam returned NULL\n"));
|
||||
DEBUG(0,("check_oem_password: getsampwnam returned NULL\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
if(smbpw->acct_ctrl & ACB_DISABLED)
|
||||
if(sampw->acct_ctrl & ACB_DISABLED)
|
||||
{
|
||||
DEBUG(0,("check_lanman_password: account %s disabled.\n", user));
|
||||
return False;
|
||||
}
|
||||
|
||||
if((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
|
||||
if((sampw->smb_passwd == NULL) && (sampw->acct_ctrl & ACB_PWNOTREQ))
|
||||
{
|
||||
unsigned char no_pw[14];
|
||||
memset(no_pw, '\0', 14);
|
||||
E_P16((uchar *)no_pw, (uchar *)null_pw);
|
||||
smbpw->smb_passwd = null_pw;
|
||||
} else if (smbpw->smb_passwd == NULL) {
|
||||
sampw->smb_passwd = null_pw;
|
||||
} else if (sampw->smb_passwd == NULL) {
|
||||
DEBUG(0,("check_oem_password: no lanman password !\n"));
|
||||
return False;
|
||||
}
|
||||
@ -587,7 +587,7 @@ BOOL check_oem_password(char *user, unsigned char *data,
|
||||
/*
|
||||
* Call the hash function to get the new password.
|
||||
*/
|
||||
SamOEMhash( (unsigned char *)data, (unsigned char *)smbpw->smb_passwd, True);
|
||||
SamOEMhash( (unsigned char *)data, (unsigned char *)sampw->smb_passwd, True);
|
||||
|
||||
/*
|
||||
* The length of the new password is in the last 4 bytes of
|
||||
@ -619,7 +619,7 @@ BOOL check_oem_password(char *user, unsigned char *data,
|
||||
*/
|
||||
D_P16(new_p16, &data[516], unenc_old_pw);
|
||||
|
||||
if(memcmp(smbpw->smb_passwd, unenc_old_pw, 16)) {
|
||||
if(memcmp(sampw->smb_passwd, unenc_old_pw, 16)) {
|
||||
DEBUG(0,("check_oem_password: old password doesn't match.\n"));
|
||||
return False;
|
||||
}
|
||||
@ -636,7 +636,7 @@ BOOL check_oem_password(char *user, unsigned char *data,
|
||||
override = True, override XXXXXXXXXX'd password
|
||||
************************************************************/
|
||||
|
||||
BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, BOOL override)
|
||||
BOOL change_oem_password(struct smb_passwd *sampw, char *new_passwd, BOOL override)
|
||||
{
|
||||
int ret;
|
||||
fstring upper_case_new_passwd;
|
||||
@ -649,14 +649,14 @@ BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, BOOL overri
|
||||
|
||||
E_P16((uchar *)upper_case_new_passwd, new_p16);
|
||||
|
||||
smbpw->smb_passwd = new_p16;
|
||||
sampw->smb_passwd = new_p16;
|
||||
|
||||
E_md4hash((uchar *) new_passwd, new_nt_p16);
|
||||
smbpw->smb_nt_passwd = new_nt_p16;
|
||||
sampw->smb_nt_passwd = new_nt_p16;
|
||||
|
||||
/* Now write it into the file. */
|
||||
become_root(0);
|
||||
ret = mod_smbpwd_entry(smbpw,override);
|
||||
ret = mod_sampwd_entry(sampw,override);
|
||||
unbecome_root(0);
|
||||
|
||||
memset(upper_case_new_passwd, '\0', strlen(upper_case_new_passwd));
|
||||
|
@ -1649,10 +1649,10 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data,
|
||||
|
||||
if(SVAL(*rparam,0) != NERR_Success)
|
||||
{
|
||||
struct smb_passwd *smbpw = NULL;
|
||||
struct smb_passwd *sampw = NULL;
|
||||
|
||||
if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &smbpw) &&
|
||||
change_lanman_password(smbpw,(unsigned char *)pass1,(unsigned char *)pass2))
|
||||
if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &sampw) &&
|
||||
change_lanman_password(sampw,(unsigned char *)pass1,(unsigned char *)pass2))
|
||||
{
|
||||
SSVAL(*rparam,0,NERR_Success);
|
||||
}
|
||||
@ -1675,7 +1675,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat
|
||||
{
|
||||
fstring user;
|
||||
fstring new_passwd;
|
||||
struct smb_passwd *smbpw = NULL;
|
||||
struct smb_passwd *sampw = NULL;
|
||||
char *p = param + 2;
|
||||
|
||||
*rparam_len = 2;
|
||||
@ -1703,7 +1703,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat
|
||||
fstrcpy(user,p);
|
||||
p = skip_string(p,1);
|
||||
|
||||
if(check_oem_password( user, (unsigned char *)data, &smbpw,
|
||||
if(check_oem_password( user, (unsigned char *)data, &sampw,
|
||||
new_passwd, (int)sizeof(new_passwd)) == False) {
|
||||
return True;
|
||||
}
|
||||
@ -1720,7 +1720,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat
|
||||
if(lp_unix_password_sync())
|
||||
chgpasswd(user,"", new_passwd, True);
|
||||
|
||||
if(change_oem_password( smbpw, new_passwd, False)) {
|
||||
if(change_oem_password( sampw, new_passwd, False)) {
|
||||
SSVAL(*rparam,0,NERR_Success);
|
||||
}
|
||||
|
||||
|
@ -429,21 +429,21 @@ update the encrypted smbpasswd file from the plaintext username and password
|
||||
*****************************************************************************/
|
||||
BOOL update_smbpassword_file( char *user, fstring password)
|
||||
{
|
||||
struct smb_passwd *smbpw;
|
||||
struct smb_passwd *sampw;
|
||||
BOOL ret;
|
||||
|
||||
become_root(0);
|
||||
smbpw = getsmbpwnam(user);
|
||||
sampw = getsampwnam(user);
|
||||
unbecome_root(0);
|
||||
|
||||
if(smbpw == NULL)
|
||||
if(sampw == NULL)
|
||||
{
|
||||
DEBUG(0,("update_smbpassword_file: getsmbpwnam returned NULL\n"));
|
||||
DEBUG(0,("update_smbpassword_file: getsampwnam returned NULL\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
/* Here, the flag is one, because we want to ignore the XXXXXXX'd out password */
|
||||
ret = change_oem_password( smbpw, password, True);
|
||||
ret = change_oem_password( sampw, password, True);
|
||||
if (ret == False)
|
||||
DEBUG(3,("update_smbpasswd_file: change_oem_password returned False\n"));
|
||||
|
||||
@ -1124,7 +1124,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
|
||||
return(False);
|
||||
}
|
||||
|
||||
smb_pass = getsmbpwnam(user);
|
||||
smb_pass = getsampwnam(user);
|
||||
|
||||
if (!smb_pass)
|
||||
{
|
||||
|
@ -377,10 +377,10 @@ static int session_trust_account(char *inbuf, char *outbuf, char *user,
|
||||
char *smb_passwd, int smb_passlen,
|
||||
char *smb_nt_passwd, int smb_nt_passlen)
|
||||
{
|
||||
struct smb_passwd *smb_trust_acct = NULL; /* check if trust account exists */
|
||||
struct smb_passwd *sam_trust_acct = NULL; /* check if trust account exists */
|
||||
if (lp_security() == SEC_USER)
|
||||
{
|
||||
smb_trust_acct = getsmbpwnam(user);
|
||||
sam_trust_acct = getsampwnam(user);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -389,7 +389,7 @@ static int session_trust_account(char *inbuf, char *outbuf, char *user,
|
||||
return(ERROR(0, 0xc0000000|NT_STATUS_LOGON_FAILURE));
|
||||
}
|
||||
|
||||
if (smb_trust_acct == NULL)
|
||||
if (sam_trust_acct == NULL)
|
||||
{
|
||||
/* lkclXXXX: workstation entry doesn't exist */
|
||||
DEBUG(0,("session_trust_account: Trust account %s user doesn't exist\n",user));
|
||||
@ -405,28 +405,28 @@ static int session_trust_account(char *inbuf, char *outbuf, char *user,
|
||||
return(ERROR(0, 0xc0000000|NT_STATUS_LOGON_FAILURE));
|
||||
}
|
||||
|
||||
if (!smb_password_ok(smb_trust_acct, (unsigned char *)smb_passwd, (unsigned char *)smb_nt_passwd))
|
||||
if (!smb_password_ok(sam_trust_acct, (unsigned char *)smb_passwd, (unsigned char *)smb_nt_passwd))
|
||||
{
|
||||
DEBUG(0,("session_trust_account: Trust Account %s - password failed\n", user));
|
||||
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
|
||||
return(ERROR(0, 0xc0000000|NT_STATUS_LOGON_FAILURE));
|
||||
}
|
||||
|
||||
if (IS_BITS_SET_ALL(smb_trust_acct->acct_ctrl, ACB_DOMTRUST))
|
||||
if (IS_BITS_SET_ALL(sam_trust_acct->acct_ctrl, ACB_DOMTRUST))
|
||||
{
|
||||
DEBUG(0,("session_trust_account: Domain trust account %s denied by server\n",user));
|
||||
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
|
||||
return(ERROR(0, 0xc0000000|NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT));
|
||||
}
|
||||
|
||||
if (IS_BITS_SET_ALL(smb_trust_acct->acct_ctrl, ACB_SVRTRUST))
|
||||
if (IS_BITS_SET_ALL(sam_trust_acct->acct_ctrl, ACB_SVRTRUST))
|
||||
{
|
||||
DEBUG(0,("session_trust_account: Server trust account %s denied by server\n",user));
|
||||
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
|
||||
return(ERROR(0, 0xc0000000|NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT));
|
||||
}
|
||||
|
||||
if (IS_BITS_SET_ALL(smb_trust_acct->acct_ctrl, ACB_WSTRUST))
|
||||
if (IS_BITS_SET_ALL(sam_trust_acct->acct_ctrl, ACB_WSTRUST))
|
||||
{
|
||||
DEBUG(4,("session_trust_account: Wksta trust account %s denied by server\n", user));
|
||||
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
|
||||
|
Loading…
Reference in New Issue
Block a user